North Korea Is on a Global Bank-Robbery Spree

As tensions flare between the U.S. and North Korea, the latter has been laser-focused on pulling off lucrative cyber heists

The FS-ISAC Annual Summit, where financial-industry insiders share insights about global security, is currently under way. Today, those leaders are united by a new common threat: North Korea. This is the year we’ve learned that Pyongyang has moved on from disrupting businesses (such as 2014’s Sony Pictures hack) to brazenly targeting banks across the globe.

This should impact risk-management strategies, especially in an environment such as FS-ISAC, which emphasizes security learnings through info-sharing. Financial companies must now look past simple threat detection, toward robust analytics that protect enterprises as vigilantly as they provide actionable intel.

North Korea’s change in strategy can be chalked up to its excommunication from the global economy by U.N. sanctions, relatively new tensions with China, and now an arms race with the White House. Experts agree that as North Korea boasts of its weapons arsenal, it’s targeting banks to pay for it. Meanwhile, earlier this year, a U.N. panel found that North Korean banks “manage to operate abroad through the establishment of front companies that are not registered as financial institutions but function as such.”

Kim Jong-un’s regime can already be tied to the $81 million Bangladesh Bank SWIFT-network hack, as well as incidents at Ecuadorean, Philippine, and Vietnamese banks. It appears as if he’s just getting started: The New York Times reports that North Korea boasts a criminal network that includes 1,700 hackers supported by more than 5,000 supervisors.

The Times points to a series of surprisingly sophisticated attacks last year on 20-plus Polish banks which, it says, indicates that North Korea is “increasingly trying to use its cyberattack abilities to bring in cash—and making progressively bolder attempts to do so.” In these “watering-hole” plots, hackers planted malware on a finance regulator’s website to target bank employees who visited it.

The Polish attack included American financial institutions. And subsequent research indicated that North Korea intended to steal from more than 100 organizations worldwide, with several U.S. banks said to be on hackers’ hit lists. After a spate of near-misses and advancing techniques, the need for banks to deploy security that acts quicker and smarter than these threats has never seemed more pressing.

Are you attending FS-ISAC? See Interset’s CTO, Stephan Jou, present a case study of how one global bank uses machine learning-based analytics to mitigate fraud. He’ll speak on Wednesday, May 3 at 1:30 p.m. You can also visit Interset at booth #16.